Hello friends,
There is an FGT80E, which was set up by someone who is not accessible anymore.
The WAN is connected to a DSL router as "exposed host" (meaning the WAN interface has a private IP).
We have an IPsec connection to a Cisco ASA which uses PAT (since they don't like our internal subnet).
The IPsec itself works just fine. In phase 2 they defined the local address and the remote address for the PAT:
Local: 10.200.200.30
Remote: 10.200.210.80
Now they set up a VIP (I am not sure why they set it up?):
Interface: <the IPsec interface>
External IP: 10.200.200.30-10.200.200.30
Mapped IP: 192.168.100.230 (from our internal LAN)
We have static routes over the IPsec interface to the remote PAT IP: 10.200.210.80
And we have a policy from LAN to this IPsec:
<source local subnet 192.168.100.0/24> to <remote subnet 10.200.210.0/24> ALWAYS ALL ACCEPT - NAT: dynamic IP pool <external range: 10.200.200.30-10.200.200.30> <internal 192.168.100.1 - 192.168.100.253> ARP reply enabled.
This seems to work fine from the LAN.
But now I would like our dialup users to connect through this tunnel as well as the internal users.
But this is just not happening ...
I am already thinking that the initial setup is not correct ... even though it works.
I am wondering if I can just put the local address 10.200.200.30 as the interface address of the local IPsec interface and just enable the NAT on the policies I am using to allow the traffic.
I hope this was somehow understandable?
Thanks for your help!
Copyright 2024 Fortinet, Inc. All Rights Reserved.